Skip to content
Permalink
Browse files
more cleanup
  • Loading branch information
shawnmckinney committed Mar 16, 2019
1 parent 58cc7e4 commit 9fe3026f7e1d7086fe6f22f03a8ac1dfcb53ed0e
Showing 1 changed file with 2 additions and 2 deletions.
@@ -119,9 +119,9 @@ The ARBAC checks include the following:

3. Some APIs on the *AdminMgr* do organization checks, matching the org on the admin role with that on the target. There are two types of organziations, User and Permission.

For example, de/assignUser(User, Role) will verify that the caller has an ADMIN role with a matching user org unit, *userOU*, on the target user.
For example, de/assignUser(User, Role) will verify that the caller has an ADMIN role with a matching user org unit that matches the ou of the target user.

There is similar check on grant/revokePermission(Role, Permission), where the caller must have activated ADMIN role matching the perm org unit, *permOU*, corresponding with the permission being targeted.
There is similar check on grant/revokePermission(Role, Permission), where the caller must have activated ADMIN role matching the perm org unit that matches the ou on the target permission.

The complete list of APIs that enforce range and OU checks follow:

0 comments on commit 9fe3026

Please sign in to comment.